I am auditing our permissions for IBM Bigfix Remote Control. The issue I have is that the default of “BUILTIN\Administrators” gives too much access because of an AD group that is added to that group by Group Policy. I need to allow ONLY the Local Administrator and a select AD group to have access. I’ve tried “BUILTIN\Administrator” (without the “s” on the end), and “LOCAL\Administrator”. Both are refused with “Session refused because the user is not a member of an allowed group”. I don’t want everyone in the local Administrators group to have access, only the actual Local Administrator.
Is there any way to do this?
Hi,
You can use your domain privilege account to take remote also.
for eq:-
adm_xyz
pwd
What we have set right now is “BUILTIN\Administrators;DOMAIN\GroupA” having access. But, the issue is that when a workstation is joined to our domain, DOMAIN\GroupB is automatically added to the local Administrators group on it. GroupA is where I put users that need access to Remote Control. GroupB contains domain accounts that need to have Administrator access to the workstation. However, there are accounts in GroupB that I don’t necessarily want to have access to the Remote Control. I would rather have the choice of “LOCAL\Administrator;DOMAIN\GroupA” only. It is strange that I can have an individual domain user, but not an individual local user (“DOMAIN\IndividualUser”, but not “LOCAL\IndividualUser”).